<?php
  session_start();
    
  if (strlen($_POST["submit"]) > 0) {
    $user = str_replace("\"","\"\"",$_POST["username"]);
    $pass = md5($_POST["password"]);
    
    $db = sqlite_open("db/database.db");
    $result = sqlite_query($db, "select id from users where user='" . $user . "' and passwd='" . $pass . "'");
    
    if (sqlite_num_rows($result) > 0) {
      $_SESSION["loggedin"] = true;
      header("Location: http://" . $HTTP_SERVER_VARS['HTTP_HOST'] . dirname($HTTP_SERVER_VARS['PHP_SELF']) . "/menu.php");
      exit;
    }
  }
  
  session_destroy();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title>TorrenTouch</title>
    <meta name="viewport" content="width=320; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;"/>
    <style type="text/css" media="screen">@import "css/iui.css";</style>
    <script type="application/x-javascript" src="javascript/iui.js"></script>
  </head>
  <body>
    
    <div class="toolbar">
        <h1 id="pageTitle"></h1>
    </div>
    
    <form title="TorrenTouch" class="panel" action="index.php" target="_self" method="POST" selected="true">
      <h2>Login</h2>
        <fieldset>
          <div class="row">
            <label>User</label>
            <input type="text" name="username" value=""/>
          </div>
          <div class="row">
            <label>Password</label>
            <input type="password" name="password" value=""/>
          </div>
        </fieldset>
        <input type="submit" name="submit" value="Login"/>
    </form>

  </body>
</html>